Website Policy
Pursuant to Article 13 of the GDPR (General Data Protection Regulation) 2016/679.
Basis Information Technology Srl, hereinafter referred to as BIT, in its capacity as Data Controller, informs the users of the website www.basisinformationtechnology.com (hereinafter referred to as Data Subjects) that for the execution of the relationships with them, personal data referring to them are collected, pursuant to the EU Regulation 2016/679 “General Data Protection Regulation” (hereinafter referred to as “GDPR”) and Legislative Decree 196/2003 “Code on the Protection of Personal Data” as amended by Legislative Decree 101/2018.
As a result of the aforementioned regulations, BIT hereby informs the Data Subjects about which data are processed and the qualifying elements of the specific processing, which, in any case, must take place according to the principles of lawfulness, fairness and transparency, in the protection of the rights and confidentiality of the Data Subjects themselves.
Data Controller and Data Protection Officer
The Data Controller is Basis Information Technology Srl, C.F. and P.IVA 01151210497, with registered office in Via Valentini n. 14, 59100 Prato. The contact details of the Data Controller, for information or to send a request, are as follows: Tel. (+39) 0559063700, e-mail basisit.privacy@basisgroup.com, PEC basisit@pec.basisgroup.com.
It is also possible to contact the Data Protection Officer (DPO or DPO), designated by the Controller, in accordance with Article 37 of the GDPR, at the e-mail address dpo.basisit@basisgroup.com .
Purposes of the processing and data processed
Basis Information Technology Srl may process the Data Subject’s data for:
1 – activities related to site navigation by the Interested Party
The computer systems and software procedures responsible for the operation of the above website acquire, during their normal operation, some personal data relating to navigation, the transmission of which is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.
The data, thus collected, could be used to ascertain responsibility in the event of any computer crimes against the site.
Please also consult the Cookie Policy on the site.
2 – responding to requests for information
The processing of personal data is aimed at following up and providing feedback to the Data Subject’s requests sent through the form on the pages of the website (“Contact Us”). The sending/communication of data is optional, explicit and voluntary.
3 – commercial promotion activities
The processing of personal data is done to send marketing and commercial communications related to the initiatives, services and products offered by Basis Information Technology Srl. For this purpose, the processing of data (such as first name, last name, email address, telephone) may be done via email or telephone.
Nature of data provision and legal basis for processing
Purposes 1 and 2: navigation data and requests for information are processed as necessary to give effect to computer and telematic protocols, legal obligations to which the Data Controller is subject (e.g. contract management, billing, registry management, credit protection, administrative services, organizational services and functional to the execution of the contract), as well as to respond to the requests of the Data Subject himself.
The processing of personal data carried out by Basis Information Technology Srl is necessary to fulfill the pre-contractual measures and carried out at the request of the same Data Subject (expressed during the browsing experience and manifested during the consultation of the website), ex art. 6 par. 1 lett. B) and C) of the GDPR.
Purpose 3 (commercial promotion): the legal basis of the processing is the consent explicitly expressed by the Data Subject with the consent to receive updates on initiatives, products and services (promotional purposes). In the event that such consent is not given to the processing of personal data, this will not affect the processing of data for other purposes.
Consent to the processing of data for promotional purposes may be withdrawn at any time, without any detrimental consequences or effects: the request to unsubscribe from the newsletter can be made directly by clicking on the “Unsubscribe” option at the bottom of the email containing the newsletter and entering one’s address to be deleted, ex art. 6 par. 1 lett. A) of the GDPR..
Methods of data collection and processing by Basis Information Technology Srl
Basis Information Technology Srl, as the Data Controller, collects and/or receives the information, concerning the Data Subject, released during the navigation of the website www.basisinformationtechnology.com.
The data collected through the above website are processed through computer and telematic procedures. Data of a technical nature, are stored at the company’s servers, to which all technical and organizational security measures required by the GDPR are ensured.
The processing of such information is necessary for the Data Controller to manage the site and to respond to requests for information from Interested Parties, including of a commercial nature, where consent is given.
Any refusal to provide personal data implies the impossibility for the Controller to manage and respond to the communication or request for information.
Disclosure of data, Authorized and Responsible nominees
The collected data will not be disclosed, sold or exchanged with third parties without the express consent of the Data Subject. The data may be communicated to the competent authorities, according to the terms of the law.
The processing is carried out by employees and/or collaborators of the Data Controller, who operate under its direct responsibility pursuant to Article 2-quaterdecies of Legislative Decree 196/2003, and who have been adequately trained, appointed, instructed, pursuant to Article 29 of the GDPR, and committed to confidentiality. If the Data Controller makes use of Data Processors expressly appointed pursuant to Art. 28 of the GDPR (such as, for example, IT support companies and hosting companies), these are entities that present sufficient guarantees to put in place adequate technical and organizational measures so that the processing meets the requirements of the regulations in force and guarantees the protection of the rights of the Data Subject.
The updated list of the Authorized Persons and the Data Processors is kept at the headquarters of the Data Controller itself.
Place of processing and data storage times
Data are processed and stored at the offices of the Data Controller and by companies contracted to carry out technical IT and development activities located within the European Union.
Personal data provided by browsing are not stored.
The data provided for the purposes related to point 2 and 3 will be retained for the time necessary to fulfill the purposes of the processing itself and in any case for the duration provided for by the regulations in force, and may also be retained even after the termination of the contract, for the fulfillment of all possible obligations related to or arising from the conclusion of the same, including events involving the intervention of the competent Authorities. In the case of judicial litigation, personal data will be processed for the duration of the same, until the conclusion of the judicial proceedings is reached.
Rights of the Data Subject
Data Subjects may exercise, the rights set forth in Articles 15 to 22 of the GDPR, subject to prior assessment and verification of their applicability. In particular, under these articles the Data Subject may exercise:
• the right of access (Article 15): the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him or her are being processed and, if so, to obtain access to the personal data;
• the right to rectification or integration (Art. 16): the right to obtain from the Data Controller the rectification and/or integration of inaccurate or incomplete personal data concerning him/her, without undue delay;
• the right to erasure (“right to be forgotten”, Art. 17): the right to obtain from the Data Controller the erasure of personal data concerning him/her, without undue delay;- the right to restriction of processing (Art. 18): where applicable, the right to obtain from the Data Controller the restriction of processing;
• the right to receive notification, in case of rectification or erasure of personal data or in case of restriction of processing (Art. 19);
• the right to data portability (Art. 20): where applicable, the right of the Data Subject to receive in a structured, commonly used and machine-readable format, personal data concerning him or her that have been provided to the Data Controller, as well as the right to transmit such data to another Data Controller without hindrance from the Data Controller to whom he or she has previously provided them;
• the right to object (Art. 21): the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her pursuant to Art. 6(1)(e) or (f), including profiling on the basis of those provisions; and
• the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or significantly affects him or her in a similar way (Article 22).
Data Subjects may at any time exercise the above rights by contacting the Data Controller and its Data Protection Officer at the contact details given in this notice. Finally, in accordance with Article 77 of the GDPR and without prejudice to any other administrative or jurisdictional recourse, if you believe that the processing that concerns them violates the same Regulation, the Interested Parties have the right to lodge a complaint with the Data Protection Authority, according to the procedures described on the institutional website www.gpdp.it.
Prato, 20/06/2024
The Data Controller – Basis Information Technology Srl